On Fri, Jun 27, 2003 at 12:10:50PM -0400, Thomas Dickey wrote:
> In article <2YbC.65R.11@gated-at.bofh.it> you wrote:
> > Author: branden
> > Date: 2003-06-26 13:01:11 -0500 (Thu, 26 Jun 2003)
> > New Revision: 248
>
> > Added:
> >    trunk/debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff
> >    trunk/debian/patches/094_SECURITY_xterm_DEC_UDK_sequence_DoS_fix.diff
> > Modified:
> >    trunk/debian/changelog
> > Log:
> > add two security patches to xterm
>
> > debian/patches/093_SECURITY_xterm_window_title_reporting_fix.diff:
> >   SECURITY: disable window title reporting to work around potentially
> >   malicious text being spewed to terminal window
> >   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063>
>
> For #177, I assume you did see the allowWindowOps resource.

It wasn't clear to me from your changelog that that change addressed
this vulnerability, but on reviewing our code from the 4.3.0-sid branch,
I did conclude that our 4.3.0 packages will not be vulnerable to this
(or to the DEC UDK problem, either.)

-- 
G. Branden Robinson                |    What influenced me to atheism was
Debian GNU/Linux                   |    reading the Bible cover to cover.
branden@debian.org                 |    Twice.
http://people.debian.org/~branden/ |    -- J. Michael Straczynski